How to select the account on the login screen of Windows7 by start typing the name?

7

2

When MacOS boots up and the users is prompted to select the account (s)he wants to login into, the users can either click the name / icon of the account with the mouse or just type in the name of the account.

I want to do the same at the login screen of Windows7: Login screen pops up, I start to type my account name, I select the account with enter and then I type the password and enter again. No usage of the mouse involved.

(I am aware of tab-cycling and hard-to-follow-the-almost-invisible-marker-of-where-the-focus-is-right-now)

akira

Posted 2011-01-23T09:09:53.050

Reputation: 52 754

3Microsoft hasn't thought about this. Seems there is absolutely no solution :). Except for going classic login, which makes you type your WHOLE login. – sinni800 – 2011-01-26T14:43:13.747

@sinni800: thats what the bounty is for, if it would be easy i would have found the solution myself :) – akira – 2011-01-26T14:46:23.153

Should I feel challenged to program a new login screen now? – sinni800 – 2011-01-26T14:48:58.733

@sinni800: if 500rep will make you that happy .. i wont stop you :) – akira – 2011-01-26T14:50:38.297

2Only thing is that I can't do it. Maybe Mark Russinovich, the Windows and Windows Api Guru, could :) – sinni800 – 2011-01-26T15:18:28.583

@sinni800: details details :) – akira – 2011-01-26T15:24:58.730

You would spend more characters on writing and debugging this than you spend on completing your user name every time. But well, it's not easy but it could be done, but apart from harrymc I don't think anyone is going to come up with something in the next 7 days. The reputation is driving me crazy enough to maybe give it a shot this weekend though, if my exams allow... :-) – Tamara Wijsman – 2011-01-26T17:16:14.887

@TomWij: hacking is fun, constantly beeing angry about touching the mouse if you know it could be better UI wise is not. and time "wasted" on that kind of thing / knowledge is nothing i consider "wasted", no matter how many keystrokes that would cost. – akira – 2011-01-26T17:44:03.617

@akira: Yeah, I also like to maximize my keyboard use. I was talking about the Classic Logon Screen where auto-completion is only a small difference. Yes, for educational reasons it is indeed worth it. But still, it would depend on what you do with that knowledge... – Tamara Wijsman – 2011-01-26T18:35:36.453

@sinni800: mark said "no, no better suggestion" – akira – 2011-02-01T20:21:24.713

@akira: http://stackoverflow.com/questions/9868079/running-a-process-with-gui-on-windows-xp-logon-screen-net-pinvoke

– Tamara Wijsman – 2012-03-26T15:21:38.757

1

@akira: Source of above: http://stackoverflow.com/a/3143055/47064

– Tamara Wijsman – 2012-03-26T15:24:34.650

Answers

9

You are looking to writing a specialized Credential Provider. I an not going to write one for you, not even for 5000 reps, but I can point you in the right direction.

The article Create Custom Login Experiences With Credential Providers For Windows Vista explains the basics of Microsoft's move away from the earlier GINA model. It develops a sample which demonstrates the new features via a hybrid credential provider that allows a user name, password, and domain name to be stored on a smart card, so that upon insertion of the card, the user is automatically logged on.

Microsoft also provides for download Credential Provider Samples, which include an overview document describing how to build them.

If you do intend to develop your Credential Provider, I suggest strongly to debug it inside a virtual machine, for obvious reasons.

harrymc

Posted 2011-01-23T09:09:53.050

Reputation: 306 093

4I'd consider it for 5000 rep ;) – th3dude – 2011-01-26T15:35:20.300

finally someone with the right pointers. – akira – 2011-01-26T15:39:42.817

You could read this article too: http://www.paralint.com/blog/2009/02/24/porting-a-custom-gina-to-a-credential-provider/

– Joe Taylor – 2011-01-26T16:33:55.563

Suggesting credential providers is a good idea. It would be one heck of a lot of work, but would be nifty if somebody did make one which worked like this. – nhinkle – 2011-01-27T07:53:35.357

Windows gets more and more extensible. Earlier you had to hack the logonui.exe file :D... – sinni800 – 2011-01-28T07:49:17.180

@akira: Thanks for accepting my answer. Just one question, as I am running some private statistics about bounties: Do you know that by not manually assigning the bounty, 250 reps of your assigned 500 just simply disappeared into thin air? – harrymc – 2011-02-02T16:34:43.140

@harrymc: i accepted your answer with more than 1hour on the display. i cant tell you why the system thinks i didnt vote early enough. it caught me by surprise as well. if i understand it correctly: if the time is up one answer will be picked automatically and half of the bounty will be assigned .. but i accepted your answer "long" before the timeout. at least thats what my impression was ("big 1hour left" on the screen) – akira – 2011-02-02T17:37:24.097

@harrymc: if all things go wrong we have to come up with a question only you can answer :) i ve lost 250rep to "the system" as well ... – akira – 2011-02-02T17:51:27.063

I am trying to get ammunition to demand changing the bounty rules back so answer-accepting will also do bounty-awarding. Can I add you to my statistics as having lost 250 reps because you did accept but was reminded too late of the need to award? – harrymc – 2011-02-02T18:01:01.207

@akira An accepted answer != accepted bounty. You have to allocate the bounty seperatly, they are not linked anymore. – BinaryMisfit – 2011-02-02T18:26:58.930

@harrymc I understand that most of your rep is off bounties, however, the change was made to allow for others to be able to assign bounties on questions. The team will not consider changing it, since it will create problems with people who can't accept answers, or bounties on questions that do have accepted answers. – BinaryMisfit – 2011-02-02T18:28:49.067

@Diago: I know about this, as my SO thread didn't get much interest. I don't care about my reps, and my statistics are not all about bounties I got or didn't get. But I do care about earned reps being lost because of a too cumbersome system. I believe, for example, that for an accepted answer with less than 2 votes the entire bounty is lost. People have the right to fully use their reps, and I do dislike non-user-friendly systems.

– harrymc – 2011-02-02T19:30:54.763

@Diago: i had to click somewhere else to "deliver the bounty"?? – akira – 2011-02-02T19:39:23.040

1@akira: Yes, you had to click on the Bounty button. This is buried somewhere in the FAQ. – harrymc – 2011-02-02T19:57:14.340

@Diago: You can see that even a person with such high reputation as akira may be tricked out of his reps by this user-interface. – harrymc – 2011-02-02T20:00:20.560

@harrymc: i ll come up with a question only you can answer and bounty 250rep again :) – akira – 2011-02-02T20:08:04.747

@akira: Don't worry. This is a rare opportunity to maybe put some doubts into Diago and the team. – harrymc – 2011-02-02T20:11:04.463

8

Thinking about this again, there are much easier ways to accomplish this:

  1. Option one (Confirmed): A good old trick to get a program to run on the login screen. :-)

    1. Take ownership of and replace %WINDIR%\System32\osk.exe by the program from step 4.

    2. Go to the Ease of Access Center, Use the computer without a mouse or keyboard.

    3. Enable Use On-Screen Keyboard.

    4. Save and go back, at the left side click Change administrative settings.

    5. Click to apply the settings to the logon desktop and save.

  2. Option two (Should work): Services always run, so they can start programs on the login screen.

    1. Write a service C / C# that starts early, perhaps set it's start type to boot in the registry.

    2. Let the service detect C / C# when winlogon.exe is started, after which it starts our program.

  3. Option three (Doesn't seem to work): The Task Scheduler provides options for it, I have tried started based on "Startup" and on the "Winlogon WGA Event" but both didn't succeed, perhaps I need to set another user than "System" for this to work... Alternative: Winlogon Notification DLL

  4. This allows us to run our own written program at the login screen!

    • Using SetWindowsHookEx you could create a WH_KEYBOARD hook to handle input.

      • Alternative: Create a GUI window and give that window focus.
      • Alternative 2: If you hide the users you can track the username box, see AutoItX below.
         

    • Using WMI you could enumerate all the local users.

    • Calling AutoItX functions allows you to manipulate the Windows Login Screen from your app. This will also allow us to detect if we are at the login screen by checking if explorer runs.

      AutoItWindow shows that the screen is: Class: AUTHUI.DLL: LogonUI Logon Window and the password field is named Edit1, so you can actually read the typed data.

    In this way, you should be able to run a program that listens for the characters you type, retrieve the list of accounts and when it finds a match would autocomplete the appropriate account.

    I would suggest C++ (Native) or C# (PInvokes for API calls, easy WMI) but any language might fit...

  5. Alternative:

I think it might be possible to only use a compiled AutoIt script to accomplish this task, as you can track and manipulate the username box and also enumerate WMI, which is the sole thing you need to get this working. Perhaps you need to disable the tray icon feature though...

You can use AutoIt Window Info (place it as osk.exe) to see the class names at the login screen.

Tamara Wijsman

Posted 2011-01-23T09:09:53.050

Reputation: 54 163

3Very interesting... I'd like to see if this works... maybe even blog worthy ;) – James Mertz – 2011-02-01T01:25:07.343

Interesting. Anyone care to try it in a VM? I'll stick to having my name at the beginning of the alphabet. – digitxp – 2011-02-01T01:26:25.903

Or as an alternative, set the file back using your installation CD/DVD. :-) – Tamara Wijsman – 2011-02-01T02:40:37.293

@TomWiij: interesting approach. the reference to "step 4" is a bit unclear though (in 1.1), since it could be 1.4 as well. and having the osk-replacment on all the time sux. but 2. looks interesting (i ve written a mouse/keyhook-thing once already). in 2.2: what are the circumstances that winlogon.exe is shutted down? on logoff? what is the event for logging in? i dont want that hook enabled all the time... – akira – 2011-02-01T05:17:05.433

1I tried the osk trick, and it doesn't work in Windows 7. Although I took ownership of osk.exe, Windows 7 will not let me change it in any way. The hacks proposed in this answer are prevented by Windows 7, since otherwise it would be quite easy for viruses to capture user passwords. The only legal and working solution is writing a Credential Provider - there is no other way. – harrymc – 2011-02-01T06:53:29.327

Interesting possibilities. @harrymc: You have to grant access to yourself after taking ownership. – sinni800 – 2011-02-01T10:09:46.510

1@sinni800: You are right about the permissions. However, when I replaced osk.exe by notepad, nothing happened. In any case, this solution is a security breach, so may also be invalidated by the next Windows Update. It will certainly be signaled by an "sfc /scannow". Not recommended, as monkeying with core Windows files is too risky. – harrymc – 2011-02-01T10:26:25.763

@harrymc: You must have missed the other steps, also, try calc.exe. I wouldn't call this a security breach as you need administrator permissions to do this and Windows Update does not involve the System File Checker in the process, it's also very unlikely that osk.exe will be updated by Windows Update in any way. There isn't anything risky about monkeying with osk.exe as your computer isn't dependent on it to properly run, a Process Monitor boot log doesn't list that file by default. Furthermore, there is still the service solution... :-) – Tamara Wijsman – 2011-02-01T14:14:05.377

@akira: I don't see why the replacement would be bad. You need to program your executable to shut down itself once it detects explorer.exe (or see end of comment) so that it only starts on the login screen. As for the service, it's the same thing: Detect winlogon.exe and start it after, and after that you can run detection on the explorer.exe process or even better: WTSRegisterSessionNotification C++ / C#.

– Tamara Wijsman – 2011-02-01T14:20:13.590

@akira: Extra resource: Way to start Windows service before login screen.

– Tamara Wijsman – 2011-02-01T14:23:05.303

@akira: John T.'s comment mentions that an interactive service would work too...

– Tamara Wijsman – 2011-02-01T14:29:27.120

@akira: Another option worth considering: A WinLogon Notification DLL.

– Tamara Wijsman – 2011-02-01T14:37:16.003

@TomWij: "@akira: I don't see why the replacement would be bad" .. harrymc pointed out the virus-alike nature of that replacement, not me. i just want to ensure that the .dll/.exe is not on all the time, thats all what i was saying. Winlogon-DLL looks like a GINA thing which is not working in Win7 .. which is then again CredentialProvider-hacking just as @harrymc proposed – akira – 2011-02-01T15:01:01.033

@akira: How is that virus-alike? It's replacing an executable that's never used and requires administration permissions to set this up and is the easiest way to achieve your problem. Furthermore, the only risk you are running is when you write something malicious in your application, which would also happen when using the service/events/notification. And the WTS notifications (when using a service) or detecting if the user has logged in (when using the OSK replacement) han help ensure that your application doesn't run all the time. – Tamara Wijsman – 2011-02-01T15:13:47.957

@akira: The DLL thing is a WinLogon Notification based on an event, it's not GINA nor like CredentialProvider as you just run code based on an event. You're not responding through a set interface but instead have the full power... – Tamara Wijsman – 2011-02-01T15:15:49.527

@TomWij: the first comment on the page regarding the WinLogonDLL: "Winlogon notification packages do not work in Windows Vista and above. See http://msdn.microsoft.com/en-us/library/aa375198%28VS.85%29.aspx "

– akira – 2011-02-01T15:18:34.903

@TomWij: discuss the virus-alike-thing with @harrymc, not me. – akira – 2011-02-01T15:19:26.867

@akira: Ah okay, my bad, was looking through registry keys to see for yet another alternative there. :-) – Tamara Wijsman – 2011-02-01T15:19:42.987

@TomWij: read the comments from top to bottom. – akira – 2011-02-01T15:31:58.073

@akira: You said "and having the osk-replacment on all the time sux"; I responded "I don't see why the replacement would be bad", then you started about viruses in "harrymc pointed out the virus-alike nature of that replacement". But okay, I now understand that those aren't your thoughts... :-) – Tamara Wijsman – 2011-02-01T15:55:34.363

I repeat that hacking Microsoft is exciting, but is normally a short-term solution. It can have unforeseen results, if not now then after the next Windows Update. But it can be fun, of course. I would prefer using the interface that Microsoft has provided just for this purpose, especially as programming both solutions is of about the same complexity, just that a Credential Provider is much more sure to continue on working in the future. – harrymc – 2011-02-01T16:01:56.783

Implementing a service with WMI access and easy UI manipulation in a language of your choice is less complex as you aren't subject to a low-level interface and linking in dependencies; and it will also continue to work in the future even when they change the credential interface again. The on-screen keyboard is most likely to never be patched unless you manually initiate the system file checker; but indeed, you might not be able to replace the on-screen keyboard in a later version of Windows... – Tamara Wijsman – 2011-02-01T16:39:27.613

0

Windows Vista and Windows 7 does this out of the box (sort of) for domain logins.

This only works in editions of Windows that support domain join. You may be able to make a script that does this for you on other editions - let me know and I will look in to it.

Launch Group Policy Editor (Start > Run > gpedit.msc).

Look for Computer Config \ Windows Settings \ Security Settings \ Local Policies \ Security Options \ Interactive logon: Do not display last user name, and set this to Enabled

Next time you login, you should be able to type the username you want.

William Hilsum

Posted 2011-01-23T09:09:53.050

Reputation: 111 572

This does not provider auto-completion of the user-name at all. – sinni800 – 2011-02-01T10:08:45.810

But, without getting in to programming, I think it is by far the best solution. – William Hilsum – 2011-02-01T10:15:32.350

2that's not what i want. it does not show the avatars any more, it is just the plain old type in (full) username and password. – akira – 2011-02-01T10:30:00.410

Asked: 2011-01-23T09:09:53.050

Viewed: 6 014 times

Active: 2011-02-01T14:43:40.597